Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for managing a network communication, comprising: executing on one or more processors, actions including: receiving a Secured Socket Layer (SSL) session identifier (ID) within an SSL handshake protocol message for establishing an SSL connection; performing a reversible exclusive-or operation on the SSL session ID with a pre-determined ID associated with a network device to generate an other ID, wherein the other ID comprises a plurality of information associated with an operation for caching the SSL session ID and other information usable for re-establishing an SSL session; determining, based on at least a portion of the other ID, a failure statistic associated with re-establishing the SSL session for the SSL connection; and tuning the operation for caching based on the failure statistic.
2. The method of claim 1, wherein tuning comprises: modifying at least one of a maximum cache size, an expiration time window for generating a new expiration time, or a number of cache lookup tables.
3. The method of claim 1, wherein executing on one or more processors, the following actions, further comprising: re-establishing the SSL session over the SSL connection based at least in part on the other ID.
4. The method of claim 1, wherein the other ID includes a plurality of different portions of bits, the different portions representing at one of an expiration time, a cache line, or a cache ID.
5. The method of claim 1, wherein the failure statistic is further based on a comparison of the other ID to a generated ID to determine whether the other ID is valid at least to enable re-establishing of an SSL session, or whether the SSL session ID is counterfeit based in part on a comparison of a threshold value to a portion of the other ID.
6. The method of claim 1, wherein when it is determined that the other ID is invalid for re-establishing the SSL session, generating a new SSL session ID.
7. A network communication management system comprising: a memory that stores executable instructions, which when executed, manages a secure socket layer (SSL) session cache; and a processor that executes the stored machine executable instructions to manage the SSL session cache by performing actions including: generating an SSL session identifier for an SSL session within an SSL connection by performing a reversible exclusive-or operation using a first identifier and a second identifier as operands, at least a portion of the first identifier including SSL session information that can be used for determining a failure statistic associated with re-establishing the SSL session; and sending or receiving the SSL session identifier during at least one SSL handshake to establish or re-establish the SSL session.
8. The network communication management system of claim 7, wherein the processor executes the stored machine executable instructions to manage the SSL session cache by performing additional actions comprising: tuning the SSL session cache based on the failure statistic generated for the SSL session by adjusting at least one of either a number of cache lookup tables used, cache lookup table sizes, SSL session expiration times, time-to-live parameters, or any other SSL session cache parameter.
9. The network communication management system of claim 7, wherein the processor performs additional actions, comprising: receiving an other ID; performing the reversible exclusive-or operation on the other ID with the second identifier; and when the reversible exclusive-or operation on the other ID fails to generate the first identifier useable to re-establishing the SSL session, generating a new session identifier to be used in establishing a new session.
10. The network communication management system of claim 7, wherein the first identifier includes a plurality of bits, wherein different bits are used to identify at least two of a cache line, a unique ID, a cache ID, or an expiration time.
11. The network communication management system of claim 7, wherein determining a failure statistic comprises: performing the reversible exclusive-or operation using the SSL session identifier and a second identifier as operands to generate an other ID; examining bits within the other ID to identify a cache ID; and when the identified cache ID is determined to be unassociated with a cache lookup table, indicating that the other ID is counterfeit.
12. The network communication management system of claim 7, wherein determining a failure statistic comprises: performing the reversible exclusive-or operation using the SSL session identifier and a second identifier as operands to generate an other ID; examining bits within the other ID to identify a cache line; and when the cache line is greater than a maximum cache line, indicating that the other ID is counterfeit.
13. The network communication management system of claim 7, wherein determining a failure statistic comprises: performing the reversible exclusive-or operation using the SSL session identifier and a second identifier as operands to generate an other ID; examining bits within the other ID to identify an expiration time; and when the expiration time is determined to be less than an other time, indicating that the other ID is counterfeit.
14. The network communication management system of claim 7, wherein the failure statistic is used to tune at least one characteristic of a cache used for storing information used to manage SSL sessions.
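The scheme in claims 1, 2 and 7 to 13, sketched as an added example that is not part of the patent text or any vendor implementation: an inner ID carrying cache metadata is XORed with a device value to form the session ID, and the reverse XOR lets the device classify a presented ID and accumulate failure statistics. The 128-bit field layout, the `DEVICE_ID` value, the table sizes, the reason labels and the 20% tuning rule are all assumptions made for illustration.

```python
import secrets
from collections import Counter

# Assumed layout of the 128-bit inner ID (the claims fix no widths):
#   [ unique:64 | expiry:32 | cache_line:24 | cache_id:8 ]
DEVICE_ID = int.from_bytes(bytes(range(16)), "big")  # constructed pre-determined ID
MAX_CACHE_LINE = {0: 1023, 1: 4095}  # cache_id -> maximum cache line (assumed)

def make_session_id(cache_id, cache_line, expiry, unique=None):
    """Pack the cache metadata and XOR it with the device ID (claim 7)."""
    unique = secrets.randbits(64) if unique is None else unique
    inner = (unique << 64) | (expiry << 32) | (cache_line << 8) | cache_id
    return (inner ^ DEVICE_ID).to_bytes(16, "big")

def classify(session_id, now):
    """Reverse the XOR and check each field (claims 11 to 13)."""
    if len(session_id) != 16:
        return "bad_length"
    inner = int.from_bytes(session_id, "big") ^ DEVICE_ID
    cache_id = inner & 0xFF
    cache_line = (inner >> 8) & 0xFFFFFF
    expiry = (inner >> 32) & 0xFFFFFFFF
    if cache_id not in MAX_CACHE_LINE:
        return "counterfeit_cache_id"       # no such lookup table
    if cache_line > MAX_CACHE_LINE[cache_id]:
        return "counterfeit_cache_line"     # beyond the table's last line
    if expiry < now:
        return "expiry_below_threshold"     # claim 13's "other time" is `now` here
    return "ok"

def failure_stats(presented_ids, now):
    """Failure statistic: count of each outcome over presented session IDs."""
    return Counter(classify(s, now) for s in presented_ids)

def tune_ttl(stats, ttl, max_ttl=3600):
    """Assumed tuning policy (claim 2): widen the expiration window when
    more than 20% of resumption attempts fail the expiry check."""
    total = sum(stats.values())
    if total and stats["expiry_below_threshold"] / total > 0.2:
        return min(ttl * 2, max_ttl)
    return ttl
```

XOR with a fixed device value obscures the fields but does not authenticate them, so these checks are plausibility filters ahead of the cache lookup rather than an integrity guarantee.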
July 9, 2013